public inbox for [email protected]help / color / mirror / Atom feed
[pgAdmin][RM4674] User can not launch query tool window if user name contain html characters 4+ messages / 2 participants [nested] [flat]
* [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters @ 2019-08-27 11:14 Aditya Toshniwal <[email protected]> 0 siblings, 1 reply; 4+ messages in thread From: Aditya Toshniwal @ 2019-08-27 11:14 UTC (permalink / raw) To: pgadmin-hackers Hi Hackers, Attached is the patch to fix the issue. Kindly review. -- Thanks and Regards, Aditya Toshniwal Software Engineer | EnterpriseDB India | Pune "Don't Complain about Heat, Plant a TREE" Attachments: [application/octet-stream] RM4674.patch (1.9K, 3-RM4674.patch) download | inline diff: diff --git a/web/pgadmin/tools/datagrid/static/js/datagrid.js b/web/pgadmin/tools/datagrid/static/js/datagrid.js index f12ab7a7..7610d955 100644 --- a/web/pgadmin/tools/datagrid/static/js/datagrid.js +++ b/web/pgadmin/tools/datagrid/static/js/datagrid.js @@ -227,7 +227,7 @@ define('pgadmin.datagrid', [ queryToolForm +=` </form> <script> - document.getElementById("title").value = "${panel_title}"; + document.getElementById("title").value = "${_.escape(panel_title)}"; document.getElementById("queryToolForm").submit(); </script> `; diff --git a/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js b/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js index 8c9b999c..6ea36ac5 100644 --- a/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js +++ b/web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js @@ -52,6 +52,6 @@ export function setQueryToolDockerTitle(panel, is_query_tool, panel_title, is_fi panel_icon = 'fa fa-bolt'; } - panel.title('<span title="'+ panel_tooltip +'">'+ panel_title +'</span>'); + panel.title('<span title="'+ _.escape(panel_title) +'">'+ _.escape(panel_title) +'</span>'); panel.icon(panel_icon); } diff --git a/web/pgadmin/tools/sqleditor/static/js/sqleditor.js b/web/pgadmin/tools/sqleditor/static/js/sqleditor.js index 7e368ffb..82ceb3f5 100644 --- a/web/pgadmin/tools/sqleditor/static/js/sqleditor.js +++ b/web/pgadmin/tools/sqleditor/static/js/sqleditor.js @@ -3436,7 +3436,7 @@ define('tools.querytool', [ // Find the title of the visible panel _.each(window.top.pgAdmin.Browser.docker.findPanels('frm_datagrid'), function(p) { if (p.isVisible()) { - self.gridView.panel_title = $(p._title).html(); + self.gridView.panel_title = $(p._title).text(); } }); ^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters @ 2019-08-28 05:16 Akshay Joshi <[email protected]> parent: Aditya Toshniwal <[email protected]> 0 siblings, 1 reply; 4+ messages in thread From: Akshay Joshi @ 2019-08-28 05:16 UTC (permalink / raw) To: Aditya Toshniwal <[email protected]>; +Cc: pgadmin-hackers Thanks patch applied. On Tue, Aug 27, 2019 at 4:44 PM Aditya Toshniwal < [email protected]> wrote: > Hi Hackers, > > Attached is the patch to fix the issue. > Kindly review. > > -- > Thanks and Regards, > Aditya Toshniwal > Software Engineer | EnterpriseDB India | Pune > "Don't Complain about Heat, Plant a TREE" > -- *Thanks & Regards* *Akshay Joshi* *Sr. Software Architect* *EnterpriseDB Software India Private Limited* *Mobile: +91 976-788-8246* ^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters @ 2019-12-05 07:13 Aditya Toshniwal <[email protected]> parent: Akshay Joshi <[email protected]> 0 siblings, 1 reply; 4+ messages in thread From: Aditya Toshniwal @ 2019-12-05 07:13 UTC (permalink / raw) To: pgadmin-hackers Hi Hackers, This issue seems to have reappeared. Kindly review the attached patch to fix it again. On Wed, Aug 28, 2019 at 10:47 AM Akshay Joshi <[email protected]> wrote: > Thanks patch applied. > > On Tue, Aug 27, 2019 at 4:44 PM Aditya Toshniwal < > [email protected]> wrote: > >> Hi Hackers, >> >> Attached is the patch to fix the issue. >> Kindly review. >> >> -- >> Thanks and Regards, >> Aditya Toshniwal >> Software Engineer | EnterpriseDB India | Pune >> "Don't Complain about Heat, Plant a TREE" >> > > > -- > *Thanks & Regards* > *Akshay Joshi* > > *Sr. Software Architect* > *EnterpriseDB Software India Private Limited* > *Mobile: +91 976-788-8246* > -- Thanks and Regards, Aditya Toshniwal Sr. Software Engineer | EnterpriseDB India | Pune "Don't Complain about Heat, Plant a TREE" Attachments: [application/octet-stream] RM4674_v2.patch (635B, 3-RM4674_v2.patch) download | inline diff: diff --git a/web/pgadmin/tools/datagrid/static/js/datagrid.js b/web/pgadmin/tools/datagrid/static/js/datagrid.js index b4258ee59..1df617386 100644 --- a/web/pgadmin/tools/datagrid/static/js/datagrid.js +++ b/web/pgadmin/tools/datagrid/static/js/datagrid.js @@ -227,7 +227,7 @@ define('pgadmin.datagrid', [ queryToolForm +=` </form> <script> - document.getElementById("title").value = "${panel_title}"; + document.getElementById("title").value = "${_.escape(panel_title)}"; document.getElementById("queryToolForm").submit(); </script> `; ^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters @ 2019-12-05 07:44 Akshay Joshi <[email protected]> parent: Aditya Toshniwal <[email protected]> 0 siblings, 0 replies; 4+ messages in thread From: Akshay Joshi @ 2019-12-05 07:44 UTC (permalink / raw) To: Aditya Toshniwal <[email protected]>; +Cc: pgadmin-hackers Thanks, patch applied. On Thu, Dec 5, 2019 at 12:44 PM Aditya Toshniwal < [email protected]> wrote: > Hi Hackers, > > This issue seems to have reappeared. Kindly review the attached patch to > fix it again. > > On Wed, Aug 28, 2019 at 10:47 AM Akshay Joshi < > [email protected]> wrote: > >> Thanks patch applied. >> >> On Tue, Aug 27, 2019 at 4:44 PM Aditya Toshniwal < >> [email protected]> wrote: >> >>> Hi Hackers, >>> >>> Attached is the patch to fix the issue. >>> Kindly review. >>> >>> -- >>> Thanks and Regards, >>> Aditya Toshniwal >>> Software Engineer | EnterpriseDB India | Pune >>> "Don't Complain about Heat, Plant a TREE" >>> >> >> >> -- >> *Thanks & Regards* >> *Akshay Joshi* >> >> *Sr. Software Architect* >> *EnterpriseDB Software India Private Limited* >> *Mobile: +91 976-788-8246* >> > > > -- > Thanks and Regards, > Aditya Toshniwal > Sr. Software Engineer | EnterpriseDB India | Pune > "Don't Complain about Heat, Plant a TREE" > -- *Thanks & Regards* *Akshay Joshi* *Sr. Software Architect* *EnterpriseDB Software India Private Limited* *Mobile: +91 976-788-8246* ^ permalink raw reply [nested|flat] 4+ messages in thread
end of thread, other threads:[~2019-12-05 07:44 UTC | newest] Thread overview: 4+ messages (download: mbox mbox.gz follow: Atom feed) -- links below jump to the message on this page -- 2019-08-27 11:14 [pgAdmin][RM4674] User can not launch query tool window if user name contain html characters Aditya Toshniwal <[email protected]> 2019-08-28 05:16 ` Akshay Joshi <[email protected]> 2019-12-05 07:13 ` Aditya Toshniwal <[email protected]> 2019-12-05 07:44 ` Akshay Joshi <[email protected]>
This inbox is served by agora; see mirroring instructions for how to clone and mirror all data and code used for this inbox